xorg-x11-server before 1.19.5 was missing length validation in X-Resource extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
Vector
NETWORK
Complexity
LOW
Authentication
NONE
Confidentiality
PARTIAL
Integrity
PARTIAL
Availability
PARTIAL
X.Org xorg-server 1.7.0
X.Org xorg-server 1.7.0.901
X.Org xorg-server 1.7.0.902
X.Org xorg-server 1.7.1
X.Org xorg-server 1.7.1.901
X.Org xorg-server 1.7.1.902
X.Org xorg-server 1.7.2
X.Org xorg-server 1.7.2.901
X.Org xorg-server 1.7.2.902
X.Org xorg-server 1.7.3
X.Org xorg-server 1.7.3.901
X.Org xorg-server 1.7.3.902
X.Org xorg-server 1.7.4
X.Org xorg-server 1.7.4.901
X.Org xorg-server 1.7.4.902
X.Org xorg-server 1.7.5
X.Org xorg-server 1.7.5.901
X.Org xorg-server 1.7.5.902
X.Org xorg-server 1.7.6
X.Org xorg-server 1.7.6.901
X.Org xorg-server 1.7.6.902
X.Org xorg-server 1.7.7
X.Org xorg-server 1.7.99.1
X.Org xorg-server 1.7.99.2
X.Org xorg-server 1.7.99.901
X.Org xorg-server 1.7.99.902
X.Org xorg-server 1.8.0
X.Org xorg-server 1.8.0.901
X.Org xorg-server 1.8.0.902
X.Org xorg-server 1.8.1
X.Org xorg-server 1.8.1.901
X.Org xorg-server 1.8.1.902
X.Org xorg-server 1.8.2
X.Org xorg-server 1.8.2.901
X.Org xorg-server 1.8.2.902
X.Org xorg-server 1.8.99.901
X.Org xorg-server 1.8.99.902
X.Org xorg-server 1.8.99.903
X.Org xorg-server 1.8.99.904
X.Org xorg-server 1.8.99.905
X.Org xorg-server 1.9.0
X.Org xorg-server 1.9.0.901
X.Org xorg-server 1.9.0.902
X.Org xorg-server 1.9.1
X.Org xorg-server 1.9.2
X.Org xorg-server 1.9.2.901
X.Org xorg-server 1.9.2.902
X.Org xorg-server 1.9.3
X.Org xorg-server 1.9.3.901
X.Org xorg-server 1.9.3.902
X.Org xorg-server 1.9.4
X.Org xorg-server 1.9.4.901
X.Org xorg-server 1.9.5
X.Org xorg-server 1.9.99.901
X.Org xorg-server 1.9.99.902
X.Org xorg-server 1.9.99.903
X.Org xorg-server 1.10.0
X.Org xorg-server 1.10.0.901
X.Org xorg-server 1.10.0.902
X.Org xorg-server 1.10.1
X.Org xorg-server 1.10.1.901
X.Org xorg-server 1.10.1.902
X.Org xorg-server 1.10.2
X.Org xorg-server 1.10.2.901
X.Org xorg-server 1.10.2.902
X.Org xorg-server 1.10.3
X.Org xorg-server 1.10.3.901
X.Org xorg-server 1.10.3.902
X.Org xorg-server 1.10.4
X.Org xorg-server 1.10.6
X.Org xorg-server 1.10.99.901
X.Org xorg-server 1.10.99.902
X.Org xorg-server 1.11.0
X.Org xorg-server 1.11.1
X.Org xorg-server 1.11.1.901
X.Org xorg-server 1.11.1.902
X.Org xorg-server 1.11.2
X.Org xorg-server 1.11.2.901
X.Org xorg-server 1.11.2.902
X.Org xorg-server 1.11.3
X.Org xorg-server 1.11.3.901
X.Org xorg-server 1.11.3.902
X.Org xorg-server 1.11.4
X.Org xorg-server 1.11.99.1
X.Org xorg-server 1.11.99.2
X.Org xorg-server 1.11.99.901
X.Org xorg-server 1.11.99.902
X.Org xorg-server 1.11.99.903
X.Org xorg-server 1.12.0
X.Org xorg-server 1.12.0.901
X.Org xorg-server 1.12.0.902
X.Org xorg-server 1.12.1.901
X.Org xorg-server 1.12.1.902
X.Org xorg-server 1.12.2
X.Org xorg-server 1.12.2.901
X.Org xorg-server 1.12.2.902
X.Org xorg-server 1.12.3
X.Org xorg-server 1.12.3.901
X.Org xorg-server 1.12.3.902
X.Org xorg-server 1.12.4
X.Org xorg-server 1.12.99.901
X.Org xorg-server 1.12.99.902
X.Org xorg-server 1.12.99.903
X.Org xorg-server 1.12.99.904
X.Org xorg-server 1.12.99.905
X.Org xorg-server 1.13.0
X.Org xorg-server 1.13.0.901
X.Org xorg-server 1.13.0.902
X.Org xorg-server 1.13.1
X.Org xorg-server 1.13.1.901
X.Org xorg-server 1.13.2
X.Org xorg-server 1.13.2.901
X.Org xorg-server 1.13.2.902
X.Org xorg-server 1.13.3
X.Org xorg-server 1.13.4
X.Org xorg-server 1.13.99.901
X.Org xorg-server 1.13.99.902
X.Org xorg-server 1.14.0
X.Org xorg-server 1.14.1
X.Org xorg-server 1.14.1.901
X.Org xorg-server 1.14.1.902
X.Org xorg-server 1.14.2
X.Org xorg-server 1.14.2 release candidate 1
X.Org xorg-server 1.14.2.901
X.Org xorg-server 1.14.2.902
X.Org xorg-server 1.14.3
X.Org xorg-server 1.14.3.901
X.Org xorg-server 1.14.3.901 release candidate 1
X.Org xorg-server 1.14.4
X.Org xorg-server 1.14.4.901
X.Org xorg-server 1.14.5
X.Org xorg-server 1.14.5.901
X.Org xorg-server 1.14.6
X.Org xorg-server 1.14.7
X.Org xorg-server 1.14.99.1
X.Org xorg-server 1.14.99.2
X.Org xorg-server 1.14.99.3
X.Org xorg-server 1.14.99.901
X.Org xorg-server 1.14.99.902
X.Org xorg-server 1.14.99.903
X.Org xorg-server 1.14.99.904
X.Org xorg-server 1.14.99.905
X.Org xorg-server 1.15.0
X.Org xorg-server 1.15.0.901
X.Org xorg-server 1.15.1
X.Org xorg-server 1.15.2
X.Org xorg-server 1.15.99.901
X.Org xorg-server 1.15.99.902
X.Org xorg-server 1.15.99.903
X.Org xorg-server 1.15.99.904
X.Org xorg-server 1.16.0
X.Org xorg-server 1.16.0.901
X.Org xorg-server 1.16.1
X.Org xorg-server 1.16.1.901
X.Org xorg-server 1.16.2
X.Org xorg-server 1.16.2.99.901
X.Org xorg-server 1.16.2.901
X.Org xorg-server 1.16.3
X.Org xorg-server 1.17.0
| Advisory | Patch | Confirmed | Link |
|---|---|---|---|
| https://cgit.freedesktop.org/xorg/xserver/commit/?id=cad... | |||
| DSA-4000 | |||
| https://bugzilla.redhat.com/show_bug.cgi?id=1509216 |
Improper Input Validation (ID 20)
Related CAPEC 58
Buffer Overflow via Environment Variables (CAPEC-ID 10)
Server Side Include (SSI) Injection (CAPEC-ID 101)
Cross Zone Scripting (CAPEC-ID 104)
Cross Site Scripting through Log Files (CAPEC-ID 106)
Command Line Execution through SQL Injection (CAPEC-ID 108)
Object Relational Mapping Injection (CAPEC-ID 109)
SQL Injection through SOAP Parameter Tampering (CAPEC-ID 110)
Subverting Environment Variable Values (CAPEC-ID 13)
Format String Injection (CAPEC-ID 135)
LDAP Injection (CAPEC-ID 136)
Relative Path Traversal (CAPEC-ID 139)
Client-side Injection-induced Buffer Overflow (CAPEC-ID 14)
Variable Manipulation (CAPEC-ID 171)
Embedding Scripts in Non-Script Elements (CAPEC-ID 18)
Flash Injection (CAPEC-ID 182)
Cross-Site Scripting Using Alternate Syntax (CAPEC-ID 199)
Exploiting Trust in Client (aka Make the Client Invisible) (CAPEC-ID 22)
XML Nested Payloads (CAPEC-ID 230)
XML Oversized Payloads (CAPEC-ID 231)
Filter Failure through Buffer Overflow (CAPEC-ID 24)
Cross-Site Scripting via Encoded URI Schemes (CAPEC-ID 244)
XML Injection (CAPEC-ID 250)
Environment Variable Manipulation (CAPEC-ID 264)
Global variable manipulation (CAPEC-ID 265)
Leverage Alternate Encoding (CAPEC-ID 267)
Fuzzing (CAPEC-ID 28)
Using Leading 'Ghost' Character Sequences to Bypass Input Filters (CAPEC-ID 3)
Accessing/Intercepting/Modifying HTTP Cookies (CAPEC-ID 31)
Embedding Scripts in HTTP Query Strings (CAPEC-ID 32)
MIME Conversion (CAPEC-ID 42)
Exploiting Multiple Input Interpretation Layers (CAPEC-ID 43)
Buffer Overflow via Symbolic Links (CAPEC-ID 45)
Overflow Variables and Tags (CAPEC-ID 46)
Buffer Overflow via Parameter Expansion (CAPEC-ID 47)
Signature Spoof (CAPEC-ID 473)
XML Client-Side Attack (CAPEC-ID 484)
Embedding NULL Bytes (CAPEC-ID 52)
Postfix, Null Terminate, and Backslash (CAPEC-ID 53)
Simple Script Injection (CAPEC-ID 63)
Using Slashes and URL Encoding Combined to Bypass Validation Logic (CAPEC-ID 64)
SQL Injection (CAPEC-ID 66)
String Format Overflow in syslog() (CAPEC-ID 67)
Blind SQL Injection (CAPEC-ID 7)
Using Unicode Encoding to Bypass Validation Logic (CAPEC-ID 71)
URL Encoding (CAPEC-ID 72)
User-Controlled Filename (CAPEC-ID 73)
Using Escaped Slashes in Alternate Encoding (CAPEC-ID 78)
Using Slashes in Alternate Encoding (CAPEC-ID 79)
Buffer Overflow in an API Call (CAPEC-ID 8)
Using UTF-8 Encoding to Bypass Validation Logic (CAPEC-ID 80)
Web Logs Tampering (CAPEC-ID 81)
XPath Injection (CAPEC-ID 83)
AJAX Fingerprinting (CAPEC-ID 85)
Embedding Script (XSS) in HTTP Headers (CAPEC-ID 86)
OS Command Injection (CAPEC-ID 88)
Buffer Overflow in Local Command-Line Utilities (CAPEC-ID 9)
XSS in IMG Tags (CAPEC-ID 91)
XML Parser Attack (CAPEC-ID 99)